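/// <summary>
/// Handles a request that carries HTTP Basic credentials: decodes the header, validates the
/// user name and password, and assigns the resulting principal to <paramref name="context"/>.
/// </summary>
/// <remarks>
/// Every failure path (undecodable header, missing separator, rejected credentials, any
/// exception) falls back to the visitor principal, so the method fails closed.
/// Basic credentials are only base64-encoded, not encrypted.
/// NOTE(review): confirm that callers accept this scheme only over TLS.
/// </remarks>
/// <param name="context">The HTTP context whose <c>User</c> is set when the header is handled.</param>
/// <param name="anonymAuthenticated">
/// Set to <c>true</c> when the visitor principal was assigned instead of a validated user.
/// </param>
/// <returns>
/// <c>false</c> when there is no header starting with "Basic " (nothing was done);
/// <c>true</c> when the header was handled and <c>context.User</c> was assigned.
/// </returns>
public bool DispatchBasicAuthentication(HttpContextBase context, out bool anonymAuthenticated)
{
    anonymAuthenticated = false;

    // Presumably the Authorization header of the current request; verify against the helper.
    var authHeader = AuthenticationHelper.GetBasicAuthHeader();

    // Ordinal comparison: a protocol token must not be matched with culture-sensitive rules.
    if (authHeader == null || !authHeader.StartsWith("Basic ", StringComparison.Ordinal))
    {
        return false;
    }

    try
    {
        // Decoding happens inside the try block: the header is attacker-controlled, and a
        // malformed base64 payload must end in the visitor fallback, not an unhandled
        // FormatException.
        var base64Encoded = authHeader.Substring(6); // 6: length of "Basic "
        var bytes = Convert.FromBase64String(base64Encoded);
        var credentials = Encoding.UTF8.GetString(bytes);

        // RFC 7617: only the first ':' separates user-id and password, so a password may
        // itself contain colons. Splitting on every colon would reject such passwords.
        var separatorIndex = credentials.IndexOf(':');
        if (separatorIndex < 0)
        {
            context.User = AuthenticationHelper.GetVisitorPrincipal();
            anonymAuthenticated = true;
            return true;
        }

        var username = credentials.Substring(0, separatorIndex);
        var password = credentials.Substring(separatorIndex + 1);

        // Elevation: we need to load the user here, regardless of the current users permissions.
        // Keep this scope limited to credential validation and the principal load.
        using (AuthenticationHelper.GetSystemAccount())
        {
            if (AuthenticationHelper.IsUserValid(username, password))
            {
                context.User = AuthenticationHelper.LoadUserPrincipal(username);
            }
            else
            {
                context.User = AuthenticationHelper.GetVisitorPrincipal();
                anonymAuthenticated = true;
            }
        }
    }
    catch (Exception e) // logged
    {
        // Only the exception object is logged; the header and the decoded credentials are
        // never passed to the logger from here.
        SnLog.WriteException(e);
        context.User = AuthenticationHelper.GetVisitorPrincipal();
        anonymAuthenticated = true;
    }

    return true;
}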